There has been broad support for the national facial identification and verification system among the state, territorial and Commonwealth governments. The system could draw on sources that hold a person facial image such as passports, citizenship data or driver’s licenses, which are held in various jurisdictions.

The Intergovernmental Agreement on Identity Matching Services (IGA) was signed by the Council of Australian Governments in October of last year. It committed them to: “the sharing and matching of identity information to prevent identity crime, support law enforcement, uphold national security, promote road safety, enhance community safety and improve service delivery, while maintaining robust privacy and security safeguards”.

The Identity Matching Services that are mentioned in the agreement include the existing federal Document Verification Service (DVS) and Face Verification Service (FVS), as well as an Identity Data Sharing Service and several additional facial recognition services such as the Face Identification Service; the One Person One Licence Service; and the Facial Recognition Analysis Utility Service.

Andrew Rice, the acting first assistant secretary of the Identity and Biometrics Division at the Department of Home Affairs told the federal parliamentary inquiry into the bills that the services are “not intended for mass surveillance.”

He continued that the Face Identification Service (FIS) couldn’t be used to provide real time facial recognition of people in public spaces. It will instead work by selecting a collection of possible matches at which point a FIS-trained operator would need to sort through them.

According to the IGA the FIS will provide: “a gallery of the highest matching facial images, as determined by the facial recognition system”. However, it is worth noting that the legislation does not appear to explicitly impose this approach.

The Victorian Government who signed up to the IGA did raise a number of concerns over the proposed legislation earlier in the year. Namely around misuse of data or access breaches by users of the IMS itself and has suggested that an independent regulatory body could be appointed to oversee the system.

Further concerns were raised around possible private sector access. While the government has said that private sector organisations, such as banks, would be allowed to access the DVS and FVS they would be barred from accessing the more powerful FIS or FMS. However, the Victorian Government argues that the main bill does not explicitly bar non-governmental organisations from accessing these services going beyond what was originally agreed by the state and territory governments.

Home Affairs does acknowledge that the bills lack the equivalent prohibition found in the existing documents. Although Rice sought to combat this by stating that the exclusion of these points from the bills was to “future proof the bills.”

He said: “We said to them [the Victorian government] that we drafted the bill on the question of private-sector access to allow for future use.” He continued: “However we have recognise, as the IGA does, that there’s a separate policy process that state ministers would go through in order to agree to private-sector access.

“So we were future proofing the bill but knowing that we needed to get the agreement of state ministers and that’s what happened with the various stages of the Document Verification Service as well. So we were allowing for a future event.”

Further “future proofing”, according to Rice, was the bill’s provision that allows the minister to define new types of identity information that could be covered by the system.

A variety of identity information is outlined in the bill including date of birth, name, the data currently held in passport and driver’s licenses and crucially facial images. However, the bill does prohibit other identifiers such as race, ethnicity, sexuality, health and genetic information and religious or political beliefs, opinions or memberships.

However, the bill does leave a degree of ministerial discretion to define new types of identity which can include “any information that is prescribed by the rules and relates to the individual” but is not part of the prohibited categories. Rice claimed this has been allowed for the “provision [of] future proofing.”

Rice further confirmed that this could hypothetically include identifiers such as gait analysis, retina scans, fingerprints and sweat, pore and body odour analysis. Yet he was quick to dismiss concern adding: “Do we have any plans? No we don’t… this whole system has been conceived on the basis of using what’s already there. We don’t have iris holdings that are searchable and I think some of those other modalities … are nascent modalities … in a biometric sense.”